----------- SCAN REPORT -----------
TimeStamp: Sat, 6 Feb 2021 07:31:18 -0500
(/usr/sbin/cxs --background --nobayes --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --qoptions Mv --report /home/mpararhp/scanreport--Feb_06_2021_07h31m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user mpararhp --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra.manual)

Scanning /home/mpararhp:

'/home/mpararhp/access-logs' # Symlink to [/usr/local/apache/domlogs/mpararhp]
'/home/mpararhp/.nc_plugin/hidden' # World writeable directory
# Scan Timeout (30 secs) while processing: '/home/mpararhp/11queensfamilydentistry.ca/old.zip'
'/home/mpararhp/11queensfamilydentistry.ca/wp-content/plugins/coming-soon/app/routes.php' # Universal decode regex match = [universal decoder]
'/home/mpararhp/etc/pureglo.ca/info/q6328zxs7.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/pureglo.ca/info/q6328zxs79.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/pureglo.ca/info/zuapl8x53.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/pureglo.ca/info/zuapl8x539.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/@pwcache/q6328zxs7.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/@pwcache/q6328zxs79.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/@pwcache/zuapl8x53.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/@pwcache/zuapl8x539.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/info/q6328zxs7.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/info/q6328zxs79.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/info/zuapl8x53.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
'/home/mpararhp/etc/turmericindianeatery.ca/info/zuapl8x539.php' # Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1855]]
# Scan Timeout (30 secs) while processing: '/home/mpararhp/mail/queensfamilydentistry.ca/info/cur/1575425911.M762663P438806.premium49.web-hosting.com,S=7211459,W=7305231:2,S'
'/home/mpararhp/mydanini.com/fix/wp-includes/version.php' # Script version check [OLD] [Wordpress v5.6 < v5.6.1]
'/home/mpararhp/mydanini.com/wp-content/ewww/gifsicle' # Linux Binary/Executable [application/x-executable]
'/home/mpararhp/mydanini.com/wp-content/ewww/jpegtran' # Linux Binary/Executable [application/x-executable]
'/home/mpararhp/mydanini.com/wp-content/ewww/optipng' # Linux Binary/Executable [application/x-executable]
'/home/mpararhp/mydanini.com/wp-content/plugins/woo-multi-currency/frontend/price.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*]
'/home/mpararhp/mydanini.com/wp-content/updraft/plugins-old/google-site-kit/includes/Core/Assets/Assets.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*]
'/home/mpararhp/mydanini.com/wp-content/updraft/plugins-old/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/]
'/home/mpararhp/myjackdanni.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c]
# Scan Timeout (30 secs) while processing: '/home/mpararhp/pinkalhealth.com/default wordpress.zip'
'/home/mpararhp/quarantine_clamavconnector/logs_gbiproperties.mparkara.com-Jan-2021.gz' # ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
'/home/mpararhp/quarantine_clamavconnector/logs_ishitexinc.mparkara.com-Jan-2021.gz' # ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
'/home/mpararhp/quarantine_clamavconnector/logs_myjackdanni.mparkara.com-Jan-2021.gz' # ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
'/home/mpararhp/quarantine_clamavconnector/logs_sikhheritagelondon.mparkara.com-Jan-2021.gz' # ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
'/home/mpararhp/quarantine_clamavconnector/tmp_awstats_awstats012021.ishitexinc.mparkara.com.txt' # ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
# Scan Timeout (30 secs) while processing: '/home/mpararhp/queensfamilydentistry.ca_fresh/old.zip'
'/home/mpararhp/www.burritoguyz.ca' # Suspicious directory
'/home/mpararhp/www.queensfamilydentistry.ca' # Suspicious directory
'/home/mpararhp/www.sikhheritagelondon.ca' # Suspicious directory
'/home/mpararhp/www.turmericindianeatery.ca' # Suspicious directory
'/home/mpararhp/www.turmericindianeatery.ca/wp-content/plugins/revslider/admin/views/builder.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

----------- SCAN SUMMARY -----------
Scanned directories: 21201
Scanned files: 216107
Ignored items: 549
Suspicious matches: 33
Viruses found: 5
Fingerprint matches: 12
Data scanned: 161620.84 MB
Scan peak memory: 315276 kB
Scan time/item: 0.031 sec
Scan time: 7284.502 sec
Name | Type | Size | Permission | Actions |
---|---|---|---|---|
.cagefs | Folder | 0771 |
|
|
.caldav | Folder | 0755 |
|
|
.cl.selector | Folder | 0755 |
|
|
.clwpos | Folder | 0700 |
|
|
.cpanel | Folder | 0700 |
|
|
.cphorde | Folder | 0700 |
|
|
.ftp-scan | Folder | 0775 |
|
|
.htpasswds | Folder | 0750 |
|
|
.nc_plugin | Folder | 0711 |
|
|
.pki | Folder | 0740 |
|
|
.razor | Folder | 0755 |
|
|
.softaculous | Folder | 0711 |
|
|
.spamassassin | Folder | 0700 |
|
|
.sqmailattach | Folder | 0700 |
|
|
.sqmaildata | Folder | 0700 |
|
|
.subaccounts | Folder | 0700 |
|
|
.system-php | Folder | 0755 |
|
|
.trash | Folder | 0700 |
|
|
.wp-cli | Folder | 0775 |
|
|
11queensfamilydentistry.ca | Folder | 0755 |
|
|
Domains | Folder | 0755 |
|
|
access-logs | Folder | 0750 |
|
|
bin | Folder | 0755 |
|
|
cache | Folder | 0755 |
|
|
cgi-bin | Folder | 0755 |
|
|
etc | Folder | 0750 |
|
|
gbiproperties.ca | Folder | 0750 |
|
|
hachiai.mparkara.com | Folder | 0750 |
|
|
hccold.mparkara.com | Folder | 0750 |
|
|
invisalign.queensfamilydentistry.ca | Folder | 0750 |
|
|
ishitexinc.com | Folder | 0750 |
|
|
lifebuild.mparkara.com | Folder | 0750 |
|
|
logs | Folder | 0700 |
|
|
lscache | Folder | 2770 |
|
|
lscmData | Folder | 0700 |
|
|
Folder | 0751 |
|
||
milind.mparkara.com | Folder | 0750 |
|
|
mobileanesthesia.mparkara.com | Folder | 0750 |
|
|
mparkaraonline.ca | Folder | 0750 |
|
|
myjackdanni.com | Folder | 0750 |
|
|
newpatient.queensfamilydentistry.ca | Folder | 0750 |
|
|
ottlo.mparkara.com | Folder | 0750 |
|
|
perl5 | Folder | 0775 |
|
|
php | Folder | 0755 |
|
|
public_ftp | Folder | 0750 |
|
|
public_html | Folder | 0750 |
|
|
quarantine_clamavconnector | Folder | 0700 |
|
|
queensfamilydentistry.ca | Folder | 0755 |
|
|
queensfamilydentistry.ca_fresh | Folder | 0750 |
|
|
rajaniskinclinic | Folder | 0755 |
|
|
sikhheritagelondon.ca | Folder | 0777 |
|
|
softaculous_backups | Folder | 0711 |
|
|
ssl | Folder | 0755 |
|
|
tmp | Folder | 0755 |
|
|
transfer | Folder | 0755 |
|
|
vardan.mparkara.com | Folder | 0750 |
|
|
vardandentalstudio.com | Folder | 0750 |
|
|
vardandentalstudio.in | Folder | 0750 |
|
|
world.mparkara.com | Folder | 0750 |
|
|
www | Folder | 0750 |
|
|
www.queensfamilydentistry.ca | Folder | 0750 |
|
|
www.turmericindianeatery.ca | Folder | 0750 |
|
|
.bash_history | File | 637 B | 0600 |
|
.bash_logout | File | 18 B | 0644 |
|
.bash_profile | File | 176 B | 0644 |
|
.bashrc | File | 124 B | 0644 |
|
.clamavconnector.pid | File | 7 B | 0644 |
|
.clamavconnector.status | File | 173 B | 0644 |
|
.contactemail | File | 19 B | 0600 |
|
.dns | File | 12 B | 0664 |
|
.ftpquota | File | 19 B | 0600 |
|
.gemrc | File | 140 B | 0644 |
|
.htaccess1 | File | 76 B | 0644 |
|
.imunify_patch_id | File | 106 B | 0660 |
|
.last.inodes | File | 12.26 KB | 0644 |
|
.lastlogin | File | 573 B | 0600 |
|
.myimunify_id | File | 102 B | 0660 |
|
.pearrc | File | 607 B | 0644 |
|
.spamassassinboxenable | File | 0 B | 0644 |
|
.spamassassinenable | File | 0 B | 0644 |
|
.viminfo | File | 578 B | 0600 |
|
.wget-hsts | File | 172 B | 0644 |
|
.zshrc | File | 658 B | 0644 |
|
anniversaryReminder | File | 645.45 KB | 0644 |
|
anniversaryReminder.1 | File | 651.55 KB | 0644 |
|
anniversaryReminder.10 | File | 651.79 KB | 0644 |
|
anniversaryReminder.11 | File | 651.8 KB | 0644 |
|
anniversaryReminder.12 | File | 651.63 KB | 0644 |
|
anniversaryReminder.13 | File | 651.63 KB | 0644 |
|
anniversaryReminder.14 | File | 651.81 KB | 0644 |
|
anniversaryReminder.15 | File | 651.52 KB | 0644 |
|
anniversaryReminder.16 | File | 651.36 KB | 0644 |
|
anniversaryReminder.17 | File | 651.35 KB | 0644 |
|
anniversaryReminder.18 | File | 651.36 KB | 0644 |
|
anniversaryReminder.19 | File | 651.37 KB | 0644 |
|
anniversaryReminder.2 | File | 651.55 KB | 0644 |
|
anniversaryReminder.20 | File | 651.38 KB | 0644 |
|
anniversaryReminder.21 | File | 651.53 KB | 0644 |
|
anniversaryReminder.22 | File | 651.54 KB | 0644 |
|
anniversaryReminder.23 | File | 651.36 KB | 0644 |
|
anniversaryReminder.24 | File | 651.37 KB | 0644 |
|
anniversaryReminder.25 | File | 651.18 KB | 0644 |
|
anniversaryReminder.26 | File | 651.2 KB | 0644 |
|
anniversaryReminder.27 | File | 651.18 KB | 0644 |
|
anniversaryReminder.28 | File | 651.19 KB | 0644 |
|
anniversaryReminder.29 | File | 651.35 KB | 0644 |
|
anniversaryReminder.3 | File | 651.38 KB | 0644 |
|
anniversaryReminder.30 | File | 651.35 KB | 0644 |
|
anniversaryReminder.31 | File | 651.34 KB | 0644 |
|
anniversaryReminder.32 | File | 651.34 KB | 0644 |
|
anniversaryReminder.33 | File | 651.35 KB | 0644 |
|
anniversaryReminder.34 | File | 651.37 KB | 0644 |
|
anniversaryReminder.35 | File | 651.36 KB | 0644 |
|
anniversaryReminder.36 | File | 651.75 KB | 0644 |
|
anniversaryReminder.37 | File | 651.6 KB | 0644 |
|
anniversaryReminder.38 | File | 651.58 KB | 0644 |
|
anniversaryReminder.39 | File | 651.75 KB | 0644 |
|
anniversaryReminder.4 | File | 651.55 KB | 0644 |
|
anniversaryReminder.40 | File | 651.77 KB | 0644 |
|
anniversaryReminder.41 | File | 651.75 KB | 0644 |
|
anniversaryReminder.5 | File | 651.54 KB | 0644 |
|
anniversaryReminder.6 | File | 651.54 KB | 0644 |
|
anniversaryReminder.7 | File | 651.53 KB | 0644 |
|
anniversaryReminder.8 | File | 651.79 KB | 0644 |
|
anniversaryReminder.9 | File | 651.65 KB | 0644 |
|
birthdayReminder | File | 645.44 KB | 0644 |
|
birthdayReminder.1 | File | 651.55 KB | 0644 |
|
birthdayReminder.10 | File | 651.82 KB | 0644 |
|
birthdayReminder.11 | File | 651.8 KB | 0644 |
|
birthdayReminder.12 | File | 651.65 KB | 0644 |
|
birthdayReminder.13 | File | 651.63 KB | 0644 |
|
birthdayReminder.14 | File | 651.8 KB | 0644 |
|
birthdayReminder.15 | File | 651.52 KB | 0644 |
|
birthdayReminder.16 | File | 651.36 KB | 0644 |
|
birthdayReminder.17 | File | 651.36 KB | 0644 |
|
birthdayReminder.18 | File | 651.37 KB | 0644 |
|
birthdayReminder.19 | File | 651.37 KB | 0644 |
|
birthdayReminder.2 | File | 651.55 KB | 0644 |
|
birthdayReminder.20 | File | 651.37 KB | 0644 |
|
birthdayReminder.21 | File | 651.53 KB | 0644 |
|
birthdayReminder.22 | File | 651.54 KB | 0644 |
|
birthdayReminder.23 | File | 651.37 KB | 0644 |
|
birthdayReminder.24 | File | 651.38 KB | 0644 |
|
birthdayReminder.25 | File | 651.18 KB | 0644 |
|
birthdayReminder.26 | File | 651.18 KB | 0644 |
|
birthdayReminder.27 | File | 651.18 KB | 0644 |
|
birthdayReminder.28 | File | 651.19 KB | 0644 |
|
birthdayReminder.29 | File | 651.37 KB | 0644 |
|
birthdayReminder.3 | File | 651.38 KB | 0644 |
|
birthdayReminder.30 | File | 651.36 KB | 0644 |
|
birthdayReminder.31 | File | 651.34 KB | 0644 |
|
birthdayReminder.32 | File | 651.35 KB | 0644 |
|
birthdayReminder.33 | File | 651.35 KB | 0644 |
|
birthdayReminder.34 | File | 651.37 KB | 0644 |
|
birthdayReminder.35 | File | 651.34 KB | 0644 |
|
birthdayReminder.36 | File | 651.75 KB | 0644 |
|
birthdayReminder.37 | File | 651.61 KB | 0644 |
|
birthdayReminder.38 | File | 651.6 KB | 0644 |
|
birthdayReminder.39 | File | 651.75 KB | 0644 |
|
birthdayReminder.4 | File | 651.55 KB | 0644 |
|
birthdayReminder.40 | File | 651.76 KB | 0644 |
|
birthdayReminder.41 | File | 651.75 KB | 0644 |
|
birthdayReminder.5 | File | 651.54 KB | 0644 |
|
birthdayReminder.6 | File | 651.54 KB | 0644 |
|
birthdayReminder.7 | File | 651.53 KB | 0644 |
|
birthdayReminder.8 | File | 651.79 KB | 0644 |
|
birthdayReminder.9 | File | 651.63 KB | 0644 |
|
cpbackup-exclude.conf | File | 1 B | 0640 |
|
scanreport--Feb_06_2021_07h31m.txt | File | 5.33 KB | 0644 |
|
scanreport-mpararhp-Feb_06_2021_08h22m.txt | File | 3.17 KB | 0644 |
|
scanreport-mpararhp-May072024_00h16m.txt | File | 23.57 KB | 0644 |
|
scanreport-mpararhp-May_28_2024_14h35m.txt | File | 25.49 KB | 0644 |
|
scanreport-mytophpk-Feb_03_2021_08h31m.txt | File | 58.52 KB | 0644 |
|